# Maintainer: Ariadne Conill <ariadne@dereferenced.org>
pkgname=cosign
pkgver=2.4.1
pkgrel=0
pkgdesc="container signing tool with support for ephemeral keys and Sigstore signing"
url="https://github.com/sigstore/cosign"
arch="all"
license="Apache-2.0"
# pcsc-lite-libs needed at runtime for smartcard support
depends="pcsc-lite-libs"
makedepends="go pcsc-lite-dev"
subpackages="
	$pkgname-bash-completion
	$pkgname-fish-completion
	$pkgname-zsh-completion
	"
source="https://github.com/sigstore/cosign/archive/v$pkgver/cosign-$pkgver.tar.gz"
options="chmod-clean !check"

# secfixes:
#   2.2.1-r0:
#     - CVE-2023-46737
#   1.12.1-r0:
#     - CVE-2022-36056
#   1.10.1-r0:
#     - CVE-2022-35929
#   1.5.2-r0:
#     - CVE-2022-23649

export GOCACHE="${GOCACHE:-"$srcdir/go-cache"}"
export GOTMPDIR="${GOTMPDIR:-"$srcdir"}"
export GOMODCACHE="${GOMODCACHE:-"$srcdir/go"}"

build() {
	mkdir build
	go build -o build/ \
		-tags -tags=pivkey,pkcs11key \
		-ldflags=-X=sigs.k8s.io/release-utils/version.gitVersion="v$pkgver" \
		"$builddir"/cmd/...

	for i in bash fish zsh; do
		"$builddir"/build/cosign completion $i > "$builddir"/cosign.$i
	done
}

check() {
	make test
}

package() {
	install -Dm755 "$builddir"/build/cosign "$pkgdir"/usr/bin/cosign

	install -Dm644 "$builddir"/cosign.bash "$pkgdir"/usr/share/bash-completion/completions/cosign
	install -Dm644 "$builddir"/cosign.fish "$pkgdir"/usr/share/fish/vendor_completions.d/cosign.fish
	install -Dm644 "$builddir"/cosign.zsh "$pkgdir"/usr/share/zsh/site-functions/_cosign
}

sha512sums="
4d9bad257dcd189c5c7436833f76f1495ce8de9cc33ae49b5c8655bebff2d87f9e46125e9b5d30b3e61bcc66b740450173591a177124653fb28518fc7105d270  cosign-2.4.1.tar.gz
"
